Announcement

Collapse
No announcement yet.

Calling on Vbulletin community need help

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Calling on Vbulletin community need help

    Approximately 3 minutes ago I was hacked they left their trademark ...
    If anybody has any information about these guys please let me know...

    Click image for larger version

Name:	dcclog.jpg
Views:	1
Size:	67.5 KB
ID:	3715600
    YourSyStem r00ted ByDeathSyStem
    ./DeathSyStem
    "İnned Dine İndellahi İSLAM"
    "Muhakkak ALLAH indinde tek Din; İslâmdır."
    "ISLAM is the only religion of Allah"
    GreetZ : DeathSystemôReal_KarizmaôSoyletmez ôBy_MucaHiT (DarkKnight)
    Contact : [email protected] & [email protected]| Thanks: CharmaniaL
    ..::| FOR iSLAM |::..
    ©Turkish & Muslim Attacker



    Apparently they have quite a reputation.....

    I know somebody's got to be smarter than them and that's why I'm asking for the community's help...

    Here is a Google search on them
    http://www.google.com/#hl=en&q=HACKE...bac56246434a91

    http://www.google.com/#hl=en&source=...7c3568f2eec009

    I am running vBulletin® v3.8.3

    I am assuming this means time to upgrade my vBulletin® v3.8.3
    Any help would be greatly appreciated..
    Last edited by RideHarder; Sat 10th Apr '10, 5:42pm.

  • #2
    After installing this mod I got a SQL injection here's the mod
    http://www.vbulletin.org/forum/showt...120517&page=25 ..
    I don't know if this mod had something in it to cause the SQL injection..

    Comment


    • #3
      Clean up all your files, change all the passwords and check the server space for any suspicious files. Check also your db if it has been infected. If it has, then restore your most recent backup from before getting hacked. If it hasn''t then no changes are required there. Then upgrade your forum to the lastest version, 3.8.5 and as last but not least contact your host and let them know about it so they can check their logs and see how they got in so the security issues can be patched up.

      Comment


      • #4
        Thanks

        Comment


        • #5
          You are welcome. Let us know how it will go and/or if you will need further assistence.

          Comment


          • #6
            What I don't understand is 3.8.3 is what I am using and the upgrade is 3.8.5 why does the software developers charge people for software that has vulnerabilities... it seems like they should allow everybody with a license in the past to upgrade so their site will not be hacked.. little confused on this one.. anyways my license is still valid so I will do the upgrade...

            Comment


            • #7
              Originally posted by RideHarder View Post
              What I don't understand is 3.8.3 is what I am using and the upgrade is 3.8.5 why does the software developers charge people for software that has vulnerabilities... it seems like they should allow everybody with a license in the past to upgrade so their site will not be hacked.. little confused on this one.. anyways my license is still valid so I will do the upgrade...
              Do you know for sure that they got in via vbulletin and not say through the server? But it is best to stay always up to dated with the latest versions of any software that you run.

              Comment


              • #8
                Just some advice mate, best way to prevent hackers which are really bloody annoying i got hacked before, in CPanel (IF you got one) go to Password Directory, click on forum folder, click on the name admincp: You have to put in a Name i put "GET LOST!" and click save, then make a username dont use admin or Admin use something different maybe for example [email protected] and password a Radom 18 digit Pasword using Numbers, letters and Symbols, id use a Cpanel Password Generator and keep these safe on your computer maybe in a notepad file then save the username.. Try and go to www.yourforum.com/admincp and your get a pop up... but for Cpanel use a Strong 18 Digit password random too and your have a secure forum.

                Comment


                • #9
                  Originally posted by Mike4Kayla View Post
                  Just some advice mate, best way to prevent hackers which are really bloody annoying i got hacked before, in CPanel (IF you got one) go to Password Directory, click on forum folder, click on the name admincp: You have to put in a Name i put "GET LOST!" and click save, then make a username dont use admin or Admin use something different maybe for example [email protected] and password a Radom 18 digit Pasword using Numbers, letters and Symbols, id use a Cpanel Password Generator and keep these safe on your computer maybe in a notepad file then save the username.. Try and go to www.yourforum.com/admincp and your get a pop up... but for Cpanel use a Strong 18 Digit password random too and your have a secure forum.
                  Agreed, this is a good idea. Also, change the directories of your modcp and admincp from the defaults... I always do. Make sure you change them in config.php too though.

                  Comment


                  • #10
                    admincp was already changed befor the attack.. Thanks so much for all the help..

                    Comment


                    • #11
                      Originally posted by icarusforde View Post
                      Agreed, this is a good idea. Also, change the directories of your modcp and admincp from the defaults... I always do. Make sure you change them in config.php too though.
                      Another great security even if its admin and mod still different to admincp and modcp

                      Comment


                      • #12
                        Originally posted by Mike4Kayla View Post
                        Another great security even if its admin and mod still different to admincp and modcp
                        I like that..

                        Comment


                        • #13
                          When I did a backup the only thing that was not working was photopost so I did some research and this is what I came across http://www.photopost.com/forum/photo...sh-hacker.html

                          Apparently these attackers know how to hack your system through photopost...





                          "I found the script that was used to wreak the havoc on my server. The evidence in my case was located in /.bash_history, /etc/udev/pr.txt and /etc/udev/i.txt.

                          The history file shows the attacker downloaded the txt files from ddmalfa.cz and ran them. He also added a user named "help" before causing the system to crash."


                          Read more: http://www.directadmin.com/forum/arc...p/t-17881.html
                          Last edited by RideHarder; Sun 11th Apr '10, 10:25am.

                          Comment


                          • #14
                            That thread is three years old....... what makes you think that this has anything to do with PhotoPost?

                            Comment


                            • #15
                              Originally posted by DanaSoft View Post
                              That thread is three years old....... what makes you think that this has anything to do with PhotoPost?


                              dreaken667
                              01-11-2010, 02:28 PM

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X